The end of privacy

BUDAPEST, Hungary, Sep 22 (Central European University )

International experts and e-activists meet in Budapest to discuss data retention on the internet

Press announcement

September 18, 2008

On Friday 19 September, more than 70 scholars, lawyers, policy experts, representatives of major NGOs, media professionals and activists from all over Europe will meet in Budapest to analyze the new EU law on data retention, and will develop strategies for defending and enhancing privacy and free communication. Hosted by the Center for Media and Communication Studies (CMCS) at the Central European University in Budapest, the workshop Data retention on the internet: Challenges for small, alternative and citizen-based internet service providers (ISPs) will focus on the implications of EU’s new data retention requirements on civil society, privacy and freedom of expression. The Association for Progressive Communications (APC), European Digital Rights (EDRI), and the Budapest-based civil society organization Green Spider co-organise the meeting.

“From January 1, 2009, the privacy and anonymity that we usually take for granted when we send an email or surf on the Internet will cease to exist”, said Oliver Leistert from University of Paderborn in Germany, one of the key experts and co-organizer of the meeting. According to European Union (EU) Directive 2006/24/EU, all telecommunications operators and Internet Service Providers (ISPs) in the EU will have to retain email and telephone connection data of their customers and users for up to two years. “This means that data about every citizen’s communication is stored without a specific reason”, said Arne Hintz, Director of the CMCS: “The very act of communication will become suspicious.”

“Data retention requirements contradict the Internet Rights Charter of APC and pose existential problems particularly for non-commercial and civil society-based ISPs”, said Maxigas, an online activist, working for APC’s Hungarian member Zold Pok. With its name translating in English as Green Spider, the e-network has been one of the first ISPs in Budapest, and maintains a solid base of civil-society users. “[The new EU directive] forces us to compromise on our most fundamental objective – protecting our users’ privacy from state and corporate data gathering – and become an integral part of surveillance operations”, Maxigas commented. The workshop will be the first to bring together members of non-commercial ISPs from different countries and backgrounds to learn about the new policy environment and discuss their concerns

The Budapest workshop will kick-start a weekend of meetings by digital rights advocates, media activists and non-commercial ISPs to develop a specific and coordinated civil society response to data retention policies as well as a strategy of how to maximise privacy protection despite data retention obligations. The meeting comes at a time when most EU member states are finalizing the implementation of the EU Directive, but also resistance is spreading. Civil rights groups such as the Hungarian TASZ have launched legal complaints and law suits, demonstrations have taken place and coordinated protest actions are planned for 11 October across Europe. Protagonists of lawsuits in different countries will use the Budapest workshop to discuss the prospects of legal challenges , to review campaigns against surveillance and to explore the technological options of safeguarding privacy and anonymity.

Data retention laws require telecommunications operators and Internet Service Providers to store the so-called metadata of every communicative act that happens within their communication infrastructure.

Data retention means that the “connection data” is stored. It enables operators and state authorities to track who communicates with whom, at what times, and for how long. It does NOT include recording the content of an email or phone conversation. Nevertheless it allows the creation of a “comprehensive digital dossier about every individual” (McIntyre TJ, Data retention in Ireland: Privacy, policy, security; Comput. LawSecur. Rep. (2008), doi: 10.1016/j.clsr.2008.03.001).

Data retention means pre-emptive surveillance of the entire population and is thus fundamentally different from traditional policing which was based on the presumption of innocence and required a strong suspicion.

European Union (EU) Directive 2006/24/EU requires all EU Member States to implement data retention laws by 1 January 2008, with an extension granted for online communications until 1 January 2009.

Civil rights groups in several countries have challenged data retention laws on the grounds that these laws conflict with fundamental rights and are unconstitutional. In Germany more than 30,000 citizens signed a legal challenge to the constitutional court. In Hungary, the Hungarian Civil Liberties Union filed a complaint against data retention.

In September 2007 and in May 2008, thousands of people demonstrated in Berlin, Germany, against data retention. On 11 October 2008, protest actions will take place in more than 20 countries worldwide, as part of the international action day “Freedom